21

Whats the best/easiest way to test for administrative rights in a PowerShell script?

I need to write a script that requires administrative rights and want to know the best way to achieve it.

Improve this question

5 Answers 5

Reset to default
23

This is the little function I have in a security module:

function Test-IsAdmin {
    try {
        $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
        $principal = New-Object Security.Principal.WindowsPrincipal -ArgumentList $identity
        return $principal.IsInRole( [Security.Principal.WindowsBuiltInRole]::Administrator )
    } catch {
        throw "Failed to determine if the current user has elevated privileges. The error was: '{0}'." -f $_
    }

    <#
        .SYNOPSIS
            Checks if the current Powershell instance is running with elevated privileges or not.
        .EXAMPLE
            PS C:\> Test-IsAdmin
        .OUTPUTS
            System.Boolean
                True if the current Powershell is elevated, false if not.
    #>
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

19

In Powershell 4.0 you can use requires at the top of your script:

#Requires -RunAsAdministrator

Outputs:

The script 'MyScript.ps1' cannot be run because it contains a "#requires" statement for running as Administrator. The current Windows PowerShell session is not running as Administrator. Start Windows PowerShell by using the Run as Administrator option, and then try running the script again.

Improve this answer

2 Comments

When you paste #Requires -RunAsAdministrator on the top of a script in the PowerShell ISE nothing happens...
This is great, but using Right mouse button > Run with PowerShell just closes the script right away. Read-Host as the next line doesn't help. How to deal with this when trying to directly run a script?
7

Here it is directly:

$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(`
        [Security.Principal.WindowsBuiltInRole] "Administrator")
Improve this answer

Comments

5

FYI, for those folks that have the PowerShell Community Extensions installed:

PS> Test-UserGroupMembership -GroupName Administrators
True

This cmdlet is a bit more generic in that you can test for group membership in any group.

Improve this answer

2 Comments

Just curious, does this just check if the user in the group or does it also check if they are running with all privilege tokens (elevated)?
@AndyArismendi if you are not elevated this will return false even if the user is in the Administrators group on a UAC enabled system. That's because the process has just a "standard" user token. If the process is elevated then this returns true.
2

Check out this url: http://blogs.technet.com/b/heyscriptingguy/archive/2011/05/11/check-for-admin-credentials-in-a-powershell-script.aspx

I didn't test it but the summary seems to state what you are looking for: "Learn how to check for administrative credentials when you run a Windows PowerShell script or command."

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.